General
Target: SOA.exe
Size: 589KB
Sample: 230328-rv9z3sdb9z
MD5: defbf15f5b7262773d20877d0418d330
SHA1: b512c5b918c4a33cd047887a7355146f97e58249
SHA256: 7a5f35d37f85efb64b8a34a030821c725a6ae4f868694377be2034805d202af5
SHA512: 59567816b8d2d5b1ae729c699e89bfd74c51a68b8ae6e17ff4e24cc1af77df1d18484c6d5b32a1530640e9b0dbba12b5e1576066c069a9b6869c449ee25cc1cd
SSDEEP: 12288:P4WtmABdVLhcA9D/4BjlQFZJHBkHbowIVTe4/YnU:TdpkBOLDuNqa4g
Static task: static1
Behavioral task: behavioral1 (Sample: SOA.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: SOA.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.clipjoint.co.nz
Port: 587
Username: clipjoint@clipjoint.co.nz
Password: melandloz64
Email To: geortiok4@gmail.com
Targets
Target: SOA.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext